FINOS Events

2026-06-24 - OPEN SDLC CONTROLS FRAMEWORK FOR FINANCIAL SERVICES WORKSHOP - OSFF LONDON

Written by Aaron Griswold | Jun 2, 2026 9:45:43 PM

Automating Governance: Moving from "Draft" to "Published" Standards

Stop trading velocity for compliance. You can have both.

Following the success of our recent workshop in Toronto with major Canadian financial institutions, the Open SDLC Controls Framework working group is coming to London.

For most financial institutions, "Audit Season" remains a manual, friction-filled process of gathering screenshots and halting deployments. This workshop is designed to change that. Join industry leads to help finalize the next set of "Controls as Code."

WORKSHOP DESCRIPTION

In regulated industries, delivering software quickly and securely requires a delicate balance between enterprise policy and developer experience. Building on the success of the Common Cloud Controls and the AI Governance Framework, this initiative provides a shared, technology-agnostic vocabulary for SDLC controls that the entire industry can adopt.

This London session marks a critical milestone: the transition from Draft to Published, in preparation for making a formal contribution proposal as a standards project in the FINOS community. We will move beyond high-level theory into the technical "brass tacks" of governance. Participants will engage in interactive working sessions to review, refine, and finalize controls that bridge the gap between what an auditor requires and what a CI/CD pipeline executes. We will specifically focus on newly contributed areas including testing gates, service dependency mapping, and tooling inventories.

WHO SHOULD ATTEND?

This session is designed to bring the "Three Lines of Defense" together:

  • DevOps & Platform Architects: Who want to build "Golden Paths" with compliance built-in, not bolted on.
  • Internal Audit (Tech) Leads: Who are moving toward continuous monitoring and automated evidence.
  • Risk & Compliance Officers: Who need to map SDLC controls to global regulations (DORA, NIST, SSDF).
  • Engineering Managers: Who want to reduce the "Audit Tax" on their delivery teams.

What You Will Walk Away With:

  • Testing & Deployment Gates: How to codify requirements for automated vs. manual test evidence and implement gates that prevent non-compliant code from reaching production.
  • Service Dependency Mapping: Strategies for distinguishing between application-level dependencies (APIs/Services) and infrastructure components for better runtime traceability.
  • Tools Inventory Standards: Defining a common way to track the CI/CD tools used in your pipeline to ensure environment reproducibility and provenance.

What You Will Need:

  • Laptop Required: For reviewing framework documentation and live pull requests.
  • Domain Knowledge: Familiarity with CI/CD concepts, GitHub/GitLab workflows, or IT Risk Management frameworks (NIST/ISO) is highly recommended.

Logistics & Application

  • Date: Wednesday, 24 June 2026
  • Time: 9:00 AM – 1:00 PM UK
  • Location: London (Venue details provided upon acceptance)
  • Cost: Free for approved applicants (Standard Value: £1,000)

Note: Priority will be given to individuals from FINOS Member financial institutions and regulated industries.
